= Netfilter's list of ideas for students participanting in GSoC 2018 =
This document provides an introduction to the students that are willing to
apply to this round of Netfilter's GSoC 2018. Please, take the time to read
before you make questions.
== Introduction ==
In this edition, we propose that the students focus again on the nftables [1]
project, the successor of the popular iptables [2] firewalling tool. There is
a huge ongoing development effort to get nftables into production state.
We believe that GSoC students will help to boost this development, more
specifically on tasks that are relatively simple but time consuming and that
really need to be done.
== Prerequisites ==
General requirements for students to participate are:
* must know C, writing code fluently.
* computer networking at a good level, more specifically, layer 2/3/4 of TCP/IP
stack.
== Proposed tasks ==
We propose several tasks for GSoC students in the next sections, this year
we provide mostly tasks that range from average to hard in terms of difficulty.
All these tasks also involve helping in bug hunting and fixing.
== Task 1: Implement missing features in nftables ==
* Description: As of Linux kernel 4.15, nftables provides around 80% of the
iptables feature-set [5]. We believe that this is fundamental to help users
to migrate to nftables.
* Tasks: Help by implementing missing features available in iptables as
matches/targets.
* Level of difficulty: Average. There is already code that you can use as
reference for this task.
* Mentors: Pablo Neira Ayuso / Arturo Borrero
== Task 2: Library improvements for nftables ==
* Description: We already have the low level libnftnl, but this library is
probably too low level for user applications. Its markup language support
is still not in good shape, basically it needs more work.
* Tasks: Add support to batch commands and send them to the kernel in one go.
* Level of difficulty: Easy. There is code available implementing
libnftables but it is not finished. The main problems that may arise
are related to the time that the student will need to couple to the
existing codebase.
* Mentors: Pablo Neira Ayuso / Arturo Borrero
== Task 3: Improving automated test infrastructure ==
* Description: Test infrastructure is fundamental to catch regressions.
This project already comes with a nice test infrastructure, but we always
consider good to have more coverage.
* Tasks: Help by extending the existing infrastructure to support more tests
based on recent fixes and new features that got merged upstream.
* Level of difficulty: Easy. There is already code in place that can be used
as reference.
* Mentors: Pablo Neira Ayuso / Arturo Borrero
= More information on nftables =
The next Netfilter workshop in June-July 2018 [3] will surely focus on nftables
ongoing and future development discussions. The kernel components were already
merged into mainstream Linux kernel 3.13. Nonetheless, implementation works are
still far from complete.
All existing code is available under git.netfilter.org. More specifically:
* libnftnl: low-level userspace library for nftables (for libmnl) iptables.
* which already includes the iptables compatibility layer working over
nftables.
* nft: the new user-space command line tool, with a new syntax different from
iptables.
The Linux kernel tree containing the nftables modules is currently available in
a different repository [4].
= Contact us / Make us questions =
If you are a student willing to participate in GSoC 2018 and you're interested
in any of our tasks, please subscribe to this mailing list:
https://lists.netfilter.org/mailman/listinfo/gsoc2013
Subscribing to this mailing list requires approval from the administrator, so
please be patient, we'll accept it asap. You can use this mailing list to ask
your questions regarding Netfilter's task during the GSoC 2018.
You can also drop a line to arturo@netfilter.org, please make sure you Cc
gsoc2013@lists.netfilter.org in your questions since most likely what you
ask and the reply you get will help others in the community too.
= Applying to netfilter's GSoC =
If you want to be selected, go start getting familiarized with the nftables
software asap. Patches for the userspace library libnftnl, the command line
utility nft and kernel patches will make you rank higher in the student
selection process. No patches at all mean little chances to be selected.
= References =
[1] http://en.wikipedia.org/wiki/Nftables
[2] http://www.netfilter.org/projects/iptables/index.html
[3] http://workshop.netfilter.org/
[4] http://git.kernel.org/cgit/linux/kernel/git/pablo/nftables.git
[5] http://wiki.nftables.org
Author: Pablo Neira Ayuso
Last update: 10:22 +01:00 23/Jan/2018
-EOF-